Denial Of Service (DoS)

2018-01-1506:04:20

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.011 Low

EPSS

Percentile

84.2%

JSON

undertow-core is vulnerable to denial of service (DoS) attacks. The application does not check if the HTTP header values it receives are null, allowing a malicious user to pass null header values to fill the heap and cause resource exhaustion.

CPENameOperatorVersion
undertow corele1.4.7.Final
eap7-wildflyeq7.0.0__19.GA_redhat_3.1.ep7.el6
eap7-wildflyeq7.0.5__3.GA_redhat_2.1.ep7.el6
eap7-wildflyeq7.0.4__4.GA_redhat_2.1.ep7.el6
eap7-wildflyeq7.0.5__3.GA_redhat_2.1.ep7.el7
eap7-wildflyeq7.0.0__19.GA_redhat_3.1.ep7.el7
eap7-wildflyeq7.0.9__4.GA_redhat_3.1.ep7.el7
eap7-wildflyeq7.0.2__2.GA_redhat_1.1.ep7.el6
eap7-wildflyeq7.0.1__4.GA_redhat_2.1.ep7.el7
eap7-wildflyeq7.0.4__4.GA_redhat_2.1.ep7.el7

Name	Operator	Version
undertow core	le	1.4.7.Final
eap7-wildfly	eq	7.0.0__19.GA_redhat_3.1.ep7.el6
eap7-wildfly	eq	7.0.5__3.GA_redhat_2.1.ep7.el6
eap7-wildfly	eq	7.0.4__4.GA_redhat_2.1.ep7.el6
eap7-wildfly	eq	7.0.5__3.GA_redhat_2.1.ep7.el7
eap7-wildfly	eq	7.0.0__19.GA_redhat_3.1.ep7.el7
eap7-wildfly	eq	7.0.9__4.GA_redhat_3.1.ep7.el7
eap7-wildfly	eq	7.0.2__2.GA_redhat_1.1.ep7.el6
eap7-wildfly	eq	7.0.1__4.GA_redhat_2.1.ep7.el7
eap7-wildfly	eq	7.0.4__4.GA_redhat_2.1.ep7.el7